1. Field of the Invention
Apparatuses and methods consistent with the present invention relate to system protection, and more particularly, to protecting a system in a virtualized environment, in which system resources are protected from malicious access and safe security services are guaranteed in the virtualized environment.
2. Description of the Related Art
Generally, devices such as personal computers (PCs), personal digital assistants (PDAs), wireless terminals and digital televisions (DTVs) use virtualization technology to enhance security and implement various applications and services. In order to provide a secure environment, the virtualization technology requires functions such as secure boot, secure software, and access control.
FIG. 1 is a block diagram of a related virtualization system apparatus. Referring to FIG. 1, the related virtualization system apparatus uses a virtual machine monitor (VMM) 10 to create a virtualized environment. The related virtualization system apparatus includes a domain unit 20 having a plurality of domains 21, 22, . . . and a system resource unit 30 having a read-only memory (ROM), a central processing unit (CPU), a memory, a battery and an input/output (I/O) device.
Each of the domains 21, 22, . . . of the domain unit 20 includes one or more device drivers 21a, 22a, or . . . . In addition, at least one of the domains 21, 22, . . . , for example, domain 21, includes a direct memory access (DMA) driver 21b. In the related virtualization system apparatus, the domain unit 20 processes DMA, and there is no limit to the formation of channels between the domains 21, 22, . . . . In addition, the domain unit 20 or the VMM 10 performs simple access control when each of the domains 21, 22, . . . attempts to access the system resource unit 30.
However, the above related virtualization system apparatus has security problems because the domain unit 20 processes DMA and the VMM 10 does not perform access control for preventing the possible malicious access of the domain unit 20 to the system resource unit 30.
More specifically, the domain 21 processes DMA, and access to a physical memory is not controlled. Therefore, if there is an insecure domain or a domain including a device driver with a bug, the domain may access a physical memory of the VMM 10 or another domain and steal confidential data or overwrite dummy data, thereby causing system failures.
If a specific domain excessively uses a system memory, system failures may occur, which, in turn, reduces system availability.
The number of event channels that can be formed between two domains is limited. Therefore, if a malicious domain uses all the available event channels, no event channel can be formed between the remaining domains. Consequently, system failures may occur.